• 0 Posts
  • 39 Comments
Joined 1 year ago
cake
Cake day: October 5th, 2023

help-circle
  • I don’t think it’s literally a search and replace but a part of the prompt that is hidden from the user and inserted either before or after the user’s prompt. Something like [all humans, unless stated otherwise, should be ethnically ambiguous]. Then when generating it’s got confused and taken it as he should be named ethnically ambiguous.



  • Please don’t do this. It’s immoral to ride off the free work of others, then turn around and rug pull them. Either stick with open source and take the good and the bad, or go proprietary. Don’t do this fake open source that harms the community. If you have a permissive license there’s nothing stopping you from selling other’s work and a CLA is not needed. If you have a copyleft license then a CLA defeats the entire purpose of that.


  • There are no open source licenses that do not allow for commercial applications. It goes against the very core of what it means to be open source.

    However, what you’re probably looking for is a license that prevents people from taking your code and making a commercial application without giving back. What this means is that any copy of your source code must also be open source. This is what a copyleft license does and you could look at something like the GPLv3 or the less restrictive MPLv2.


  • Linux people are passionate about Linux and will tell you all the reasons to switch. I’m here to tell you to stick to what you already know. There’s no point changing your entire operating system if you don’t have the time to invest in a totally new way of using your computer.

    It does make me curious why you even decided to install Linux though. Something must have made you take that step.


  • stifle867@programming.devtoLinux@lemmy.mlBack to linux!
    link
    fedilink
    arrow-up
    3
    ·
    edit-2
    1 year ago

    I understand and that’s definitely a valid criticism of Linux. It’s not a drop in replacement for Windows and it’s definitely not as user friendly or targeted towards a general audience. Due to the flexibility of customisation, and the sheer amount of different distributions it is hard to provide individual support without knowing all the details of your system. It’s not like Windows where in general you’re probably running one of two versions.

    And while being a criticism to some, it is also a strength to others.

    If you ever get stuck on something feel free to shoot me a message and if I can I will try and provide advice.


  • Well that is the question I intentionally asked in my 1st comment so yeah that’s a good start :P

    Considering that it definitely is a Bluetooth device that means it has to be relatively close to your computer. Unless you live in an apartment building and are in range of Bluetooth devices not in your household you should be considering the electronic devices around you.

    Do you have any “smart” devices like a baby monitor, a home camera system, vacuum, air purifier or any such thing that has Bluetooth?

    Because you are saying that there’s no new devices that you can think of, and it does seem suspicious, my thought goes towards a device that is connected to the internet and has potentially been hacked and is now misbehaving. It may not be the case but best to err on the side of caution and you did the right thing by not accepting the connection.


  • Of course you need a foundational knowledge of Windows before you are able to accomplish certain tasks. You are not born with the knowledge of how to operate a computer. Even people who have not used computers before struggle with basic tasks. If I ask someone who is new to Windows to install Photoshop will they be able to accomplish it with no prior knowledge? You have to know you open the web browser, navigation to the proper website, download the installer, run the installer, find the menu shortcut, etc.

    As for how to install programs on Linux it does depend on the distribution and the application you wish to install but let’s take Ubuntu for example. If I want to install VLC I would type sudo apt install vlc. If I want to install Firefox I would type sudo apt install firefox. Instructions should be available online with a quick search.


  • It doesn’t necessarily mean you aren’t intelligent but perhaps you’re trying to do things you would do in Windows without having a foundational knowledge of Linux. Linux is not a drop-in replacement for Windows, it’s a totally different operating system with different ways of doing things.

    In this example situation you are talking about it’s the equivalent of if I asked you to edit an image in Photoshop but you didn’t have it installed. That’s what “command not found” is trying to tell you. It’s not found because it’s not installed on the system.


  • I think they’re trying to say that a lot of the time reading the documentation treats you as if you’re an expert in that particular topic, but if you can find a good guide it will usually give you all the information and commands you need to accomplish what you wanted to do. They go on to say they prefer guides that respect the user’s intelligence while not making things overly complex.




  • While this is a real issue, the threat is best mitigated outside of the browser. In theory any application you run could put contents in your primary selection, the threat is what you do with that. The biggest threats I can imagine are insecure shell settings which the author pointed out and can be mitigated easily. Or as a commenter pointed out, cryptocurrency related activities could be at risk - such as pasting in an address to send the currency to could be hijacked and you probably wouldn’t even notice as the addresses are random. X is known to be insecure and if you’re doing something sensitive like handling cryptocurrency it would be best practice not to run X anyway.


  • It would be much easier to check the settings for your shell and display server. It’s a very niche threat. Think about how having something copied into your clipboard could actually effect you? I can’t imagine too many scenarios where you would paste something malicious that would actually be a problem. Paste something malicious into an email and you could just delete it. Paste something into the URL address bar and it wouldn’t submit until you told it to. Paste something malicious into your terminal and it wouldn’t submit until you hit enter (check that last one yourself).

    Alternatively, disable javascript in the browser.


  • I 100% agree that it effects an extremely small percentage of the population, but it’s also not hard to imagine a scenario in which this can have real consequences.

    Let’s imagine I have a popular website that documents Linux tips and tricks (think: which command can I run to see drive storage used again?). In there I have a short command people can copy and paste to run (maybe df -h). The user copies this command and switches window to their terminal, at which point the blur event listener fires and I override the innocuous command with a malicious command. The user pastes it into their terminal without any indication that the primary selection content is now different.

    Yes, this is due to both insecure X and shell settings that doesn’t effect everyone (Wayland and sane shell). It’s as much or even more the fault of the insecure programs, but Firefox is a part of that. Even in this situation it would be much more likely that the user is effected compared to the “general population”. It’s more of a targeted attack than a broad insecurity, but it’s not a “one in a million” chance.


  • It’s a simple POC. To address your points you could easily add an event listener for the window blur event so whenever the window loses focuses. You could also use javascript to manually highlight the user selected text when the window regains focus. You can make it as complex as you wanted.

    The point is that the core of the issue, that you can override the users select buffer which could be used to maliciously insert commands, exists.





  • Others have commented on the process. It’s easier than you think.

    One thing that might confuse you at first (after successful install) is that when you change between operating systems, the system clock gets thrown off. That’s because Linux and Windows interpret the system time differently (local time vs UTC).

    To match Windows behaviour in Linux run: sudo timedatectl set-local-rtc 1 --adjust-system-clock

    To match Linux behaviour in Windows you will need to edit the registry, I’ll leave that up to you to search.